On 10/25/19 10:21 AM, Pavel Begunkov wrote:
> On 25/10/2019 19:03, Jens Axboe wrote:
>> On 10/25/19 3:55 AM, Pavel Begunkov wrote:
>>> I found 2 problems with __io_sequence_defer().
>>>
>>> 1. it uses @sq_dropped, but doesn't consider @cq_overflow
>>> 2. @sq_dropped and @cq_overflow are write-shared with userspace, so
>>> it can be maliciously changed.
>>>
>>> see sent liburing test (test/defer *_hung()), which left an unkillable
>>> process for me
>>
>> OK, how about the below. I'll split this in two, as it's really two
>> separate fixes.
>
> cached_sq_dropped is good, but I was concerned about cached_cq_overflow.
> io_cqring_fill_event() can be called in async, so shouldn't we do some
> synchronisation then?

We should probably make it an atomic just to be on the safe side, I'll
update the series.

-- 
Jens Axboe
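
The two problems raised in this thread and the direction of the fix, as an added example: a simplified user-space model in C11, not code from the thread or from the kernel. The counter names sq_dropped, cq_overflow, cached_sq_dropped and cached_cq_overflow come from the messages above; the struct layout, cached_cq_tail, the sequence arithmetic and the helper names are assumptions of the model.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>

/* Constructed model: counters in memory mapped writable into the application. */
struct shared_rings { uint32_t sq_dropped, cq_overflow; };

/* Constructed model: kernel-private state, never mapped to userspace. */
struct ring_ctx {
    struct shared_rings *rings;
    uint32_t cached_cq_tail;          /* completions posted to the CQ ring */
    uint32_t cached_sq_dropped;       /* written only on the submission path */
    atomic_uint cached_cq_overflow;   /* completions may be filled asynchronously */
};

/* Before: trusts a userspace-writable counter and ignores lost completions. */
static bool defer_shared(struct ring_ctx *ctx, uint32_t sequence) {
    return sequence != ctx->cached_cq_tail + ctx->rings->sq_dropped;
}

/* After: the decision reads private copies only. */
static bool defer_private(struct ring_ctx *ctx, uint32_t sequence) {
    return sequence != ctx->cached_cq_tail + ctx->cached_sq_dropped
                       + atomic_load(&ctx->cached_cq_overflow);
}

/* Account privately first, then publish a copy for userspace to read. */
static void account_sq_drop(struct ring_ctx *ctx) {
    ctx->rings->sq_dropped = ++ctx->cached_sq_dropped;
}
static void account_cq_overflow(struct ring_ctx *ctx) {
    ctx->rings->cq_overflow = atomic_fetch_add(&ctx->cached_cq_overflow, 1) + 1;
}

/* 3 completions posted plus `dropped` and `overflowed` events; the next request's
 * sequence is their sum, so it must run. `scribble` is what userspace then stores
 * in the shared sq_dropped. Returns bit 0: shared check defers, bit 1: private. */
static int scenario(uint32_t dropped, uint32_t overflowed, uint32_t scribble) {
    struct shared_rings rings = {0, 0};
    struct ring_ctx ctx = { .rings = &rings, .cached_cq_tail = 3 };
    uint32_t seq = 3 + dropped + overflowed;
    atomic_init(&ctx.cached_cq_overflow, 0);
    for (uint32_t i = 0; i < dropped; i++) account_sq_drop(&ctx);
    for (uint32_t i = 0; i < overflowed; i++) account_cq_overflow(&ctx);
    rings.sq_dropped = scribble;      /* userspace owns this mapping */
    return defer_shared(&ctx, seq) | (defer_private(&ctx, seq) << 1);
}

int main(void) { return scenario(1, 2, 100) == 1 ? 0 : 1; }
```

In the model, a return value of 1 means the check on the shared counter would defer the request indefinitely while the check on the private copies lets it run.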